QUESTION: 41

You’re involved in a highly competitive Enterprise Single Sign-On sale and the main 
competition is Oracle (with Passlogix v-GO underpinning their solution). They have 
spread the word that TAM E-SSO requires a server and that they have a superior
design because their solution is all client code. How would you respond? 


A. v-GO doesn’t work very well, with a lot of customer complaints about it. 

B. v-GO is an appliance and therefore is not very flexible, in terms of meeting 
customers’ specific needs. 

C. As a client-server solution, TAM E-SSO scales better than v-GO; v-GO requires an
Active Directory (AD) Schema extension and they load down the AD infrastructure to
do what otherwise would be done with the proper technology - a server.

D. v-GO hasn’t been certified by DARPA and TAM E-SSO has.


Answer: C 


QUESTION: 42 
What is Open Web Application Security Project (OWASP)? 


A. OWASP is a for-profit group focused on improving the security of application
software.

B. OWASP is a worldwide free and open community focused on improving
the security of databases.

C. OWASP is a special IBM team made up of IBM Rational AppScan security experts, 
focused on improving security of Web applications. 

D. OWASP is a worldwide free and open community focused on improving the 
security of application software. 


Answer: D 


Reference: 
https://www.owasp.org/index.php/Main_Page 


QUESTION: 43 
Which of the following is NOT one of the major client benefits for IBM's cloud-based 
security services? 


A. Security expertise for management of on-premise devices.
B. Lower up-front capital investment and deployment costs. 
C. Lower cost of operational management. 

D. Integrated security and global analytics. 


Answer: A 


Explanation: 
Option A is the correct answer because on-premise devices have almost nothing to do
with cloud-based security services.


QUESTION: 44 
What does IBM Rational AppScan include in the product for ease of usability? 


A. An easy-to-use external USB cable that allows it to connect directly to the server. 

B. An easy-to-use scan wizard to help clients get started quickly. 

C. An easy-to-use command-line interface language that compiles into an executable
script.

D. An easy-to-use mainframe interface that uses screen scraping technologies.


Answer: A 


Reference: 
ftp://public.dhe.ibm.com/common/ssi/ecm/en/rab14001usen/RAB14001USEN.PDF 


QUESTION: 45 
Which of the following statements is true about IBM Rational AppScan Enterprise 
Edition? 


A. IBM Rational AppScan Enterprise Edition offers all the functionality of all the 
AppScan products combined in a single edition. 

B. Rational AppScan Source Edition automates build testing, delivers comprehensive 
defect analysis, and offers environment-specific recommendations for fixing network 
security flaws. 

C. IBM Rational AppScan Enterprise is a zero footprint thin client that provides 
centralized control with advanced application scanning, remediation capabilities, 
executive security metrics and dashboards, key regulatory compliance reporting, and 
seamless integration with the desktop version. 

D. IBM Rational AppScan Enterprise Edition offers composite analysis testing and 
runtime analysis testing to its users. 


Answer: B 


QUESTION: 46 
How are issues identified by IBM Rational AppScan? 


A. The IBM Rational AppScan tool identifies issues by listing the type of vulnerability
and which pages contain the vulnerability.

B. IBM Rational AppScan uses an encrypted hex-byte file to send the results back to
the corporate security cluster.

C. Issues are not identified by IBM Rational AppScan; they are automatically fixed.

D. IBM Rational AppScan sends the results back to the mainframe TSO session for
further processing.


Answer: A 


Reference: 
http://www-304.ibm.com/industries/publicsector/fileserve?contentid=167364 


QUESTION: 47 

At a regional security event sponsored by an IBM Business Partner, an IBM Security 
salesperson delivers a presentation. One of the clients expresses significant interest in 
the IBM Security Virtual Server Protection for their ESX Servers. This client requests 
technical configuration information. What action should the IBM Security seller take? 


A. Recommend a meeting between the client and the Business Partner seller/System 
Engineer team to evaluate the client’s configuration needs. 

B. Instruct the client to call IBM Security Techline to discuss configuration options. 

C. Schedule an onsite meeting between the Business Partner seller and IBM SE to 
evaluate the client’s network and configuration needs. 

D. Schedule an onsite meeting between the client and IBM SE to discuss the pros and
cons of the IBM Security Virtual Server Protection for VMware solution.


Answer: A 